api-manager icon indicating copy to clipboard operation
api-manager copied to clipboard
verified publisher icon wso2

Special characters are not support in operation policies such as "Add Header"

Open wasuradananjith opened this issue 3 years ago • 1 comments

Description:

We cannot give special characters to some operation policy attributes such as the Header Value of the Add Header Policy.

image

These situations should be allowed. (A problem in the Regex)

wasuradananjith avatar Apr 22 '22 08:04 wasuradananjith

Not Reproducible in WSO2 API Manager 4.6.0

This issue is not reproducible in WSO2 API Manager 4.6.0.

Test Results

Tested: "Add Header" operation policy with special characters in header value Input: /test* (forward slash and asterisk) Result: Saved successfully without validation errors

Analysis

A validation framework for operation policy attributes was introduced in February 2022 (commit cbb45dc13ed), which allows policies to optionally define validationRegex patterns. However, the built-in "Add Header" policy does not have a restrictive regex defined, allowing special characters to be used freely in header values.

Code locations:

  • components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java (lines 2611-2618)
  • apim-apps/portals/publisher/.../AttachedPolicyForm/General.tsx (lines 288-302)

Conclusion

Special characters including semicolons, asterisks, and forward slashes can be used in the "Add Header" policy's header value field without validation errors.

Tested on: WSO2 API Manager 4.6.0 Status: Not Reproducible

🤖 Generated with Claude Code

ranuka-laksika avatar Nov 24 '25 06:11 ranuka-laksika